Video Conferencing – A trade-off between Privacy and Usability?

April 14, 2020

Zoom is currently undergoing a lawsuit regarding illegally disclosing user data to third parties, including Facebook. “According to the suit, Zoom’s privacy policy doesn’t explain to users that its app contains code that discloses information to Facebook and potentially other third parties.” What lessons should companies take away when investing in tools like zoom?

Lessons from Zoom for companies on privacy:

Beware of integrations

Unfortunately connectivity and true privacy/security are near impossible to achieve at the same time. The more connections a platform has to third party apps and vendors, the more likely it is that data is being shared and security weaknesses exist. One of Zoom’s recent issues illustrates this well - the platform had an API integration with Facebook that was found to be sharing personal user data. The API brought little benefit to Zoom users (which is why it has since been removed) but gave Facebook personal user data without permission.

Demand hyper-transparency

At minimum, whatever tool a company invests in should have clear privacy policies that align with its expectations. Other transparency practices can include an open source code and third party auditing. It is especially important to demand full transparency now, as strict government regulations like CCPA and GDPR are enforcing high levels of culpability from all organizations that handle data.

Conduct due diligence

COVID-19 has been especially trying for privacy/security protocols as companies have had to roll out remote working at breakneck speed. However, many businesses are being confronted by the vulnerabilities they have unknowingly introduced to their organization. This is why it’s important to take the time to fully assess all tools as ultimately, it will be the company, its customers and its finances on the line if it all goes south.
Zoom has also come under fire for cybersecurity weaknesses. As for cybersecurity on apps like Zoom, same kind of question -- what's the message to business users of such apps?

Privacy and Security should not be complicated

Find tools where security and privacy measures are on by default. Some tools might promise endless customizable security protocols but in the end it is up to the end-user to understand and use the service. The only way to ensure a fast and worry-free rollout is when all necessary security and privacy requirements are included when first installed. What we dont want are endless toggles, switches and options. The security and user experience should be the same for everyone from the get-go.

The privacy and security issues in Zoom’s platform that have recently come to light are, unfortunately, unsurprising. Zoom and similar platforms were built as solutions for quick and efficient collaboration with a focus on productivity first and foremost. While these solutions have undoubtedly enabled a higher level of connectivity across remote teams, they lack strong security foundations, which make them unprepared to be a reliable channel for companies to conduct critical business operations on. These platforms often need to keep patching vulnerabilities at the expense of their users. Zoom, for example, has had chronic issues with security and privacy and had two big issues to patch just last year.

The big takeaway is to prioritize investing in apps that offer secure solutions (and don’t have a checkered history) now. Slack, Microsoft Teams, Zoom and even WhatsApp all provide ways for remote teams to talk with each other with more frequency and ease. The real determining factor now for the best remote team working is secure connectivity. Can your teams communicate and share sensitive IP or data, with the confidence that it is going to the right place without putting the organization at risk? We are now at the start of a new generation of work: companies that want to stay ahead of the curve will utilize technology that is built to enable productivity with security as a core tenant.